Management (console) communications are used in server systems to send and receive status, control and configuration information. Management communications are typically transmitted and received via a single local area network (LAN) interface (i.e., a LAN that combines management and payload communications), or via a cable to an RS-232 port on the server.
When there is no management LAN, each server typically includes an RS-232 port for management communications. When a large number of servers are to be controlled, a complex, hard-to-manage wiring bundle to each individual server's RS-232 port is typically implemented, which connects each individual server with a complex set of switch networks. Using an RS-232 port for management communications is sufficient for a single stand-alone server, but when the server is integrated with many others, a separate cable for each server is difficult to maintain and configure.
As an alternative to dedicated RS232 ports, some servers will use a LAN interface commonly implemented as a Network Interface Card (NIC) configured and maintained through the operating system. Normally this LAN is used for application and customer payload information, and the management functions are an add-on.
If a single LAN interface is used, there is a security hole in that management information commingles with payload information on a single LAN. This commingling of signals on a single LAN allows for unauthorized snooping, and the potential for unauthorized communications to console devices. For a single LAN interface, a security driven software layer can be used (at additional cost), but there is a possibility that the security layer could be compromised. The mixed data stream is vulnerable to security breaches even if firewalls are used. Unauthorized access by an application user to chassis management functions could lead to permanent data corruption for all users. Similarly, unauthorized access by a chassis administrator to an application could lead to a compromise of secure data.
With the single LAN solution, the content on the LAN can be segregated outside of the system to the two different streams, management and payload. This forces the same solution on all systems in a data center. A system-by-system solution is difficult, to obtain and maintain. In addition, by having the segregation in commercial, sometimes publicly accessible switches, the possibility of hacking is greatly increased. Once the LANs are linked through an external switch, management or information technology (IT) personnel would typically configure the system, and then hand it over to the application users/developers, who would typically change passwords for security reasons to lock out the IT personnel from the system. Only through manual intervention and coordination between the two types of users can full manageability be obtained.
It would be desirable to provide a server with a more convenient, flexible, and secure system for management communications.